It cross-references known weaknesses (from compliance scans and audits) against the security controls.
The RAR is a living document. As new threats emerge, the RAR must be updated to reflect how the system's risk posture has changed. The Synergy of Compliance Ssp rar
It provides a "High," "Moderate," or "Low" risk rating for the system, which is essential for the Authorizing Official (AO) to grant an Authority to Operate (ATO) . Ssp rar